IBM WebSphere Application Server 6.1 < 6.1.0.39 Multiple Vulnerabilities
Medium Nessus Plugin ID 55649
Synopsis
The remote application server is affected by multiple vulnerabilities.
Description
IBM WebSphere Application Server 6.1 before Fix Pack 39 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities:
- Use of an insecure XML encryption algorithm could allow for decryption of JAX-RPC or JAX-WS Web Services requests. (PM34841)
- An error exists in the validation of the 'logoutExitPage' parameter that can allow a remote attacker to bypass security restrictions and redirect users in support of a phishing attack. (PM35701)
- An error exists in the handling of administration console requests. This error can allow a local attacker to use a specially crafted request to view sensitive stack-trace information. (PM36620)
Solution
If using WebSphere Application Server, apply Fix Pack 39 (6.1.0.39) or later.
Otherwise, if using embedded WebSphere Application Server packaged with Tivoli Directory Server, apply the latest recommended eWAS fix pack.